WordFence reports cross site scripting vulnerability on v1.6.4
-
WordFence is reporting a cross site scripting vulnerability on version 1.6.4 of the plugin. This should probably be addressed else users may abandon the plugin.
Vulnerability link: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/meks-smart-social-widget/meks-smart-social-widget-164-authenticated-admin-stored-cross-site-scripting
—
Full info from WordFence scan 25 May 2024 (version 1.6.4):
The Plugin “Meks Smart Social Widget” has a security vulnerability. Type: Plugin Vulnerable
Issue Found May 25, 2024 17:15. Critical
Plugin Name: Meks Smart Social Widget
Current Plugin Version: 1.6.4Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Meks Smart Social Widget” until a patched version is available. Get more information (https://www.wordfence.com/help/?query=scan-result-plugin-vulnerable)
Repository URL: https://www.ads-software.com/plugins/meks-smart-social-widget
Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/578ed437-98b7-495b-91fd-45b882f39d95?source=plugin
Vulnerability Severity: 4.4/10.0 (Medium)
The page I need help with: [log in to see the link]
- The topic ‘WordFence reports cross site scripting vulnerability on v1.6.4’ is closed to new replies.
